6585e10c6f
## 新增功能 ### 1. 屏幕阅读器兼容性增强(a11y) - 无障碍工具库:src/shared/lib/a11y.ts - aria-live Hook:src/shared/hooks/use-aria-live.ts - a11y 组件:skip-link/visually-hidden/focus-trap/aria-status - 增强 UI:table.tsx 系统性 ARIA role,dialog.tsx aria-modal - 审计文档:docs/accessibility/a11y-audit.md(WCAG 2.1 AA 清单) ### 2. 视觉回归测试 - 测试套件:tests/visual/(homepage + 3 个 dashboard) - 3 视口(desktop/tablet/mobile)× 2 主题(light/dark) - 动态元素遮罩,避免误报 - playwright.config.ts 新增 visual-chromium 项目 - 文档:docs/testing/visual-regression.md ### 3. 短信/微信推送渠道集成 - 新模块:src/modules/notifications/ - 4 个渠道:SMS(阿里云/腾讯云)、WeChat(公众号)、Email(SMTP)、In-App - 分发器按用户偏好并行多渠道发送 - 外部 SDK 动态 import,Mock 模式开发可用 - 文档:docs/notifications/channels.md ### 4. 漏洞扫描 CI 集成 - CI security-scan job:npm audit + Snyk + Trivy FS + OWASP ZAP - 独立工作流 security.yml:每周一深度扫描 + 容器镜像扫描 - 配置:suppressions.json + .trivyignore - 本地脚本:security-scan.sh/ps1 - 文档:docs/security/scanning.md(SLA 分级) ### 5. 灾备方案 - 脚本:backup-verify/backup-offsite-sync/dr-drill/failover/health-check - CI 增强:备份后校验+异地同步,每周灾备演练 - 独立工作流 dr-drill.yml:每周一凌晨 4 点自动演练 - 文档:docs/dr/dr-plan.md(RTO 4h/RPO 24h)+ dr-runbook.md(6 故障场景) ## 验证 - npx tsc --noEmit:0 错误 - npm run lint:0 错误 0 警告
125 lines
4.3 KiB
YAML
125 lines
4.3 KiB
YAML
name: DR Drill
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 4 * * 1" # 每周一凌晨 4 点
|
|
workflow_dispatch: # 支持手动触发
|
|
inputs:
|
|
backup_file:
|
|
description: '指定备份文件(可选,留空使用最新备份)'
|
|
required: false
|
|
default: ''
|
|
no_cleanup:
|
|
description: '演练后不清理测试数据库'
|
|
required: false
|
|
type: boolean
|
|
default: false
|
|
|
|
jobs:
|
|
dr-drill:
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 30
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install MySQL client
|
|
run: |
|
|
sudo apt-get update -qq
|
|
sudo apt-get install -y -qq mysql-client
|
|
|
|
- name: Prepare backup directory
|
|
run: mkdir -p backups docs/dr/reports
|
|
|
|
- name: Download latest backup artifact (if no backup file specified)
|
|
if: github.event.inputs.backup_file == ''
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: db-backup
|
|
path: backups/
|
|
continue-on-error: true
|
|
|
|
- name: Run database backup (if no artifact available)
|
|
if: steps.download.outcome == 'failure' || true
|
|
env:
|
|
DATABASE_URL: ${{ secrets.DATABASE_URL }}
|
|
BACKUP_DIR: ./backups
|
|
run: |
|
|
if [ -z "$(ls -A backups/db_backup_*.sql.gz 2>/dev/null)" ]; then
|
|
echo "No backup artifact found, creating fresh backup..."
|
|
chmod +x scripts/backup-db.sh
|
|
./scripts/backup-db.sh
|
|
else
|
|
echo "Using existing backup artifact"
|
|
fi
|
|
|
|
- name: Run disaster recovery drill
|
|
env:
|
|
DATABASE_URL: ${{ secrets.DATABASE_URL }}
|
|
BACKUP_DIR: ./backups
|
|
DR_DRILL_TEST_DB: next_edu_dr_drill
|
|
run: |
|
|
chmod +x scripts/dr-drill.sh
|
|
ARGS=""
|
|
if [ -n "${{ github.event.inputs.backup_file }}" ]; then
|
|
ARGS="$ARGS --backup ${{ github.event.inputs.backup_file }}"
|
|
fi
|
|
if [ "${{ github.event.inputs.no_cleanup }}" = "true" ]; then
|
|
ARGS="$ARGS --no-cleanup"
|
|
fi
|
|
./scripts/dr-drill.sh $ARGS
|
|
|
|
- name: Upload drill report
|
|
if: always()
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: dr-drill-report-${{ github.run_id }}
|
|
path: docs/dr/reports/
|
|
retention-days: 90
|
|
|
|
- name: Notify operations team (on failure)
|
|
if: failure()
|
|
env:
|
|
WEBHOOK_URL: ${{ secrets.DR_NOTIFICATION_WEBHOOK }}
|
|
SMTP_HOST: ${{ secrets.SMTP_HOST }}
|
|
run: |
|
|
echo "DR Drill failed! Notifying operations team..."
|
|
# Webhook 通知(如果配置)
|
|
if [ -n "$WEBHOOK_URL" ]; then
|
|
curl -X POST "$WEBHOOK_URL" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{
|
|
\"text\": \"⚠️ DR Drill Failed\",
|
|
\"attachments\": [{
|
|
\"color\": \"danger\",
|
|
\"fields\": [
|
|
{\"title\": \"Repository\", \"value\": \"${{ github.repository }}\", \"short\": true},
|
|
{\"title\": \"Run ID\", \"value\": \"${{ github.run_id }}\", \"short\": true},
|
|
{\"title\": \"Triggered By\", \"value\": \"${{ github.actor }}\", \"short\": true},
|
|
{\"title\": \"Time\", \"value\": \"$(date -u +%Y-%m-%dT%H:%M:%SZ)\", \"short\": true},
|
|
{\"title\": \"Action\", \"value\": \"Check workflow logs and report artifact\", \"short\": false}
|
|
]
|
|
}]
|
|
}" || echo "WARN: Webhook notification failed"
|
|
else
|
|
echo "INFO: DR_NOTIFICATION_WEBHOOK not set, skipping webhook notification"
|
|
fi
|
|
# 邮件通知(如果配置 SMTP)
|
|
if [ -n "$SMTP_HOST" ]; then
|
|
echo "INFO: SMTP notification would be sent (configure in production)"
|
|
fi
|
|
|
|
- name: Summary
|
|
if: always()
|
|
run: |
|
|
echo "=== DR Drill Workflow Summary ==="
|
|
echo "Run ID: ${{ github.run_id }}"
|
|
echo "Triggered by: ${{ github.actor }}"
|
|
echo "Status: ${{ job.status }}"
|
|
echo "Report: Check dr-drill-report-${{ github.run_id }} artifact"
|
|
echo ""
|
|
if [ -f docs/dr/reports/dr_drill_*.md ]; then
|
|
echo "Latest drill report:"
|
|
cat docs/dr/reports/dr_drill_*.md | head -50
|
|
fi
|